Description

When an nginx web server implements an HTTP redirect by using the $uri or $document_uri variables within the redirection target location, the resulting configuration may be vulnerable to header injection.

Remediation

Implement the HTTP redirect with $request_uri instead of $uri or $document_uri.

References

Related Vulnerabilities